Peter Kietzmann: Security Components for the IoT (Christmas Lecture)

From PUF to Protected Key: Security Components for the IoT

Data confidentiality, integrity, and availability rely on crypto-operations that are resource-intensive and conflict with device constraints in the Internet of Things (IoT). Devices differ widely in hardware capabilities for crypto, ranging from no hardware support, to powerful accelerators supporting a large number of operations, tamper protected key storages, and hardware random number generators. To enable security in the low-end IoT, cryptographic primitives should be optimized and utilize the constrained hardware most efficiently – including possible crypto-extensions. Nevertheless, poor devices still need crypto and a source for highly unpredictable numbers, to perpetuate secrets such as encryption keys. While crypto-alternatives are implemented through a plethora of software libraries, randomness generation is the more challenging affair. Physical unclonable functions (PUFs) are a promising class of solutions that utilize intrinsic hardware variations to provide entropy and unpredictable secrets without additional hardware requirements. This talk starts with the ever confusing topic of randomness generation from the perspective of an IoT OS. We introduce SRAM PUFs and present evaluations of PUFs in RIOT to derive random seeds and secrets. These primitives are essential input to crypto-functions. We present performance benchmarks of common cryptography on hardware and software. Finally, our implementation concept of the PSA Crypto API in RIOT integrates the zoo of embedded crypto components below a uniform access API.